2 Answers
2

Its simple really.
If you don't trust your hosting company. You don't host with them.

You've got lots of issues if someone can get access to your web-app source code and read/write to it. While there are several defenses which can limit what useful information can be gleaned from source code (like encrypting usernames and passwords) your primary defense should be to ensure that the box does not get compromised in the first place.

If you own a web hosting company and 'study' customer code, you can find yourself in a LOT of trouble. As Lucas mentions, without prior written acceptance, you'll find your more than likely breaking the law.

About viewing the source code: You are walking in dangerous water. Depending on your country that can be considered a violation of the privacy regulation. Without a written statement you simply aren't allowed to do that.